The present invention is related to a card processing apparatus and a card processing method, which update a card having an authentication function capable of confirming whether or not a person having such a card is an authorized person with employment of biological information, for instance, a fingerprint, a venous pattern, and the like.
In financial transactions performed among cash dispensers (will be referred to as “CDs” hereinafter) and automatic teller machines (will be referred to as “ATMS” hereinafter) of financial institutions, IC cards have been considerably conducted in order to avoid forgeries of cards and spoofing performed by a third party.
In IC cards, as compared with conventional cards equipped with magnetic stripes, the IC cards can be hardly duplicated, and also, security of the IC cards can be secured, namely, internal information stored in the IC cards cannot be readily stolen. In addition, since an attention has been paid to such a technical aspect that amounts of information which can be stored in these IC cards can be considerably increased, and furthermore, calculation process operations can be carried out inside IC cards, such IC cards equipped with biometrics authentication functions have been practically utilized. That is, in the above-described biometrics authentication functions, while biological information such as fingerprints and venous patterns is held in an IC card as enrollment data, a confirmation is made whether or not a user having the IC card is an authorized user by verifying a feature pattern of a living body as to the user, which has been read by a sensor, with another feature pattern of the living body which has been previously stored in this IC card as enrollment data.
In the IC cards equipped with the biometrics authentication functions, since plural pieces of biological information of users have been previously stored in these IC cards and verifying process operations are similarly carried out within the IC cards, it is possible to avoid that plural pieces of the biological information are leaked outside these IC cards. As a result, secrecies of personal information can be maintained.
On the other hand, with respect to cards which are used in financial institutions, expiration terms have been set, for instance, 5 years after relevant cards were issued have been set. Accordingly, updating procedures of these cards are required. When IC cards equipped with biometrics authentication functions are updated, as previously explained, biological information cannot be derived from these IC cards, so that such biological information enrolled in old IC cards (namely, IC cards which have not yet been updated) cannot be duplicated to new IC cards (namely, IC cards which have been updated). As a consequence, in such a case that IC cards having biometrics authentication functions are updated, users of these IC cards must go to relevant departments of financial institutions so as to take such necessary procedures that biological information of these users is again registered (enrolled) in new IC cards.
As methods capable of solving such a cumbersome process that the users must go to the relevant departments of the financial institutions when the IC cards equipped with the biometrics authentication functions are updated, one updating method executed by an ATM machine has been proposed (refer to JP-A-2006-195591). In accordance with the above-described conventional updating method, the biological information which has been enrolled in the old IC card is verified with respect to the feature pattern of the living body as to the user, which has been read by the sensor. Then, in such a case that the confirmation can be made that the user having the old IC card is the authorized user, the feature pattern of the living body as to the user, which has been read by the sensor in a single reading operation, is registered in the new IC card as the enrollment data.
On the other hand, another registering method for biological information has been proposed (refer to JP-A-2006-320715): That is, while a plurality of biological information have been acquired, such a biological information which is suitable for biometrics authentication is registered in an IC card.
In biometrics authentication, a feature pattern of a living body which has been previously enrolled as enrollment data is verified with another feature pattern of the living body which has been read from the living body by a sensor so as to acquire a verified coincident degree. In such a case that a coincident degree exceeds a threshold level, it is so assumed that it can be confirmed that a user having an IC card equipped with such a biometrics authentication function is an authorized user. When verified coincident degrees are judged, there is no possibility that verified coincident degrees are completely made equal to each other due to a difference in setting manners of a living body, noises of a sensor, and the like. However, there are some possibilities that verified coincident degrees may be slightly made different from each other. Under such a circumstance, since user friendly characteristics are considered, threshold levels capable of confirming whether or not users having IC cards are authorized users have been set with certain margins: That is, for instance, if a verified coincident degree between an acquired feature pattern of a living body and enrollment data exceeds 80%, then it is so assumed that a user having an IC card can be recognized as an authorized user.
As a consequence, in the above-described conventional updating method of JP-A-2006-195591, if such a feature pattern of the living body that the confirmation could be made that the user having the IC card is the authorized user by merely performing the single reading operation is directly registered in the new IC card, then this feature pattern which cannot be made coincident with the feature pattern of the living body by 100%, which has been registered in the old IC card, may be employed as the enrollment data of the new IC card. As a result, due to the execution of the updating procedure, such a feature pattern of the living body is registered in the new IC card, the quality of which has been deteriorated, as compared with the feature pattern of the living body in the old IC card.
Also, in such a biometrics authentication case that a confirmation is performed whether or not a user having a new IC card into which the deteriorated feature pattern of the living body has been registered is an authorized user, the deteriorated enrollment data may cause the verified coincident degree to be lowered. As a result, there is such a problem that the authentication precision is deteriorated.
In the method for registering the biological information described in JP-A-2006-320715, the biological information is newly registered in the IC card under the guidance of the person in charge belonging to the financial institution. However, this registering method is not equal to the below-mentioned registering method of the present invention, in which a user may independently register (update) biological information in a new IC card without any guidance made by the person in charge belonging to the financial institution. As a consequence, even in such a case that the user independently registers (updates) the biological information, the first-mentioned registering method does not take any consideration in order to achieve that the biological information which is suitable for the biometrics authentication is registered in the new IC card. For example, in such a case that a user registers biological information by an unmanned ATM machine in the present invention, since the user is not accustomed to the registering process operation of the biological information, there are some possibilities that his finger of this user may be held up to the biological information acquiring apparatus in the inclined manner, or in the rolling manner, so that such a biological information which is not suitable for an enrollment (namely, biological information whose situation can be hardly represented even by user himself) may be mistakenly registered to the new IC card. Also, in an updating process operation of an IC card, which is performed without intervening a person in charge belonging to a financial institution, since the person in charge cannot check this updating process operation, such a system having higher security is necessarily provided in order to avoid that a person having a bad will may alter his biological information which will be registered to an IC card.